Exploit for Incorrect Authorization in Hashicorp Consul

CVE-2021-41805 Hashicorp Consul RCE via API Has...

CVE-2022-46151

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

CVE-2022-46151 Reflected XSS

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

Exploit for CVE-2022-25765

CVE-2022-25765-pdfkit-Exploit-Reverse-Shell pdfkit 0.8.6 c...

CVE-2022-2640

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol FTP and Hypertext Transfer Protocol HTTP...

Design/Logic Flaw

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol FTP and Hypertext Transfer Protocol HTTP...

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing...

PT-2022-17827 · Horner Automation · Rcc 972

Name of the Vulnerable Software and Affected Versions: Horner Automation's RCC 972 version 15.40 Description: The configuration files of the affected device are encrypted with weak XOR encryption, making them vulnerable to reverse engineering. This could allow an attacker to obtain credentials fo...

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2022:4303-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4303-1 advisory. - CVE-2022-42252: Fixed a request smuggling bsc1204918. Tenable has extracted the preceding description block directly from the SUSE securit...

Remote Control Collection Remote Code Execution Exploit

This Metasploit module utilizes the Remote Control Server's protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected at the time of the module writing. This module requires Metasploit: https://metasploit.com/download...

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2022:4257-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4257-1 advisory. - CVE-2021-43980: Fixed information disclosure due to concurrency issues in Http11Processor bsc1203868. - CVE-2022-42252: Fixed a...

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...

SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2022:4193-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:4193-1 advisory. - CVE-2022-42252: Fixed a request smuggling bsc1204918. Tenable has extracted the preceding description block directly from the SUSE security advisory...

CVE-2020-23591

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an attacker to upload arbitrary files through " /mgmdevupgrade.asp " which can "delete every file for Denial of Service using 'rm -rf .' in the code, reverse connection using '.asp' webshell,...

AlmaLinux 9 : buildah (ALSA-2022:8008)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8008 advisory. - A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is...

FreeBSD : Tomcat -- Request Smuggling (556fdf03-6785-11ed-953b-002b67dfc673)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 556fdf03-6785-11ed-953b-002b67dfc673 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was...

Malicious Package

Overview msfpath is a malicious package. It launches a reverse shell that connects back to a malicious host. Remediation Avoid using all malicious instances of the msfpath package. Credit: Raul Onitza-Klugman from Snyk Research Team...

GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords

Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords

Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...